oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)

From: Jeff Breidenbach <jeff () jab org>
Date: Thu, 30 Dec 2010 11:01:35 -0800
Earl,

http://www.mhonarc.org/MHonArc/doc/faq/security.html#htmlexchow

One of my hats is the Debian package maintainer for mhonarc. I'm tempted to
disable HTML mail support by default rather than try to improve it. What do
you think about the idea? What do you think about implementation? The
package does not have control over the resource file, so it would probably
have to be a code patch.

-Jeff
Previous By Date Next
Previous By Thread Next

Current thread: